I’ve added a new Rule, ‘link-accounts-with-same-ssn’ (based on Link-Users-With-Same-Email). The problem is that I’m getting: statusCode: 401, error: ‘Unauthorized’, message: ‘Missing authentication’
The first request works fine with the same bearer token. What could I have missed?
The Rule:
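function (user, context, callback) {
  // Auth0 Rule: link a freshly created Swedish BankID user to the pre-existing
  // account that carries the same social security number in
  // app_metadata.userSocialSecurityNumber. Logins on any other connection are
  // passed through untouched.
  //
  // callback(err)                 -> login is rejected with `err`
  // callback(null, user, context) -> login continues; context.primaryUser is
  //                                  set when a link was made
  const request = require('request');

  const swedishBankIdAnotherDevice_connectionId = 'con_myswedishbankid_connectionid';
  const isSwedishBankIdConnection = context.connectionID === swedishBankIdAnotherDevice_connectionId;

  // Only merge accounts for logins that came through the BankID connection.
  if (!isSwedishBankIdConnection) {
    return callback(null, user, context);
  }

  // The SSN is expected in app_metadata (not user_metadata); NOTE(review):
  // the rule relies on end users being unable to set this value themselves —
  // confirm that nothing user-controlled can write app_metadata.
  const ssn = user.app_metadata && user.app_metadata.userSocialSecurityNumber;
  if (typeof ssn !== 'string' || ssn.length !== 12) {
    return callback(new Error('[!] Rule: BankIdUser is missing the required property app_metadata.userSocialSecurityNumber'));
  }

  const userApiUrl = auth0.baseUrl + '/users';
  // The SSN is placed inside a quoted Lucene term: escape the two characters
  // that are special inside quotes, then URL-encode the whole query, so the
  // value can only ever match as a literal (the original interpolated it raw).
  const quotedSsn = '"' + ssn.replace(/(["\\])/g, '\\$1') + '"';
  const userSearchQueryUrl = userApiUrl + '?q=' +
    encodeURIComponent('app_metadata.userSocialSecurityNumber:' + quotedSsn) +
    '&search_engine=v3';

  const authHeaders = {
    Authorization: 'Bearer ' + auth0.accessToken
  };

  request({
    url: userSearchQueryUrl,
    headers: authHeaders
  }, function (searchErr, searchResponse, searchBody) {
    if (searchErr) return callback(searchErr);
    if (searchResponse.statusCode !== 200) return callback(new Error(searchBody));

    // Without `json: true` the body arrives as a string; guard the parse so a
    // malformed response surfaces as a rule error rather than an uncaught throw.
    let matches;
    try {
      matches = JSON.parse(searchBody);
    } catch (parseErr) {
      return callback(new Error('[!] Rule: Could not parse user search response: ' + parseErr.message));
    }
    if (!Array.isArray(matches)) {
      return callback(new Error('[!] Rule: Unexpected user search response shape'));
    }

    // Drop the user that is logging in right now; whatever remains is the
    // candidate base profile.
    const otherUsers = matches.filter(function (u) {
      return u.user_id !== user.user_id;
    });

    if (otherUsers.length > 1) {
      return callback(new Error('[!] Rule: Multiple user profiles already exist - cannot select base profile to link with'));
    }
    if (otherUsers.length === 0) {
      console.log('[-] Skipping link rule');
      return callback(null, user, context);
    }

    const originalUser = otherUsers[0];
    const identity = (user.identities || [])[0];
    if (!identity) {
      return callback(new Error('[!] Rule: BankIdUser has no identity to link'));
    }

    request.post({
      // user_id values contain '|' and must be URL-encoded in the path.
      url: userApiUrl + '/' + encodeURIComponent(originalUser.user_id) + '/identities',
      headers: authHeaders,
      json: {
        provider: identity.provider,
        user_id: String(identity.user_id)
      }
    }, function (linkErr, linkResponse, linkBody) {
      // A transport error leaves `linkResponse` undefined; the original read
      // `.statusCode` off it unconditionally and would have thrown here.
      if (linkErr) return callback(linkErr);
      if (linkResponse.statusCode >= 400) {
        // With `json:` set, `linkBody` is already parsed; include it so the
        // API's own error detail (not just the status text) reaches the log.
        return callback(new Error('Error linking account: ' + linkResponse.statusMessage + ' ' + JSON.stringify(linkBody)));
      }
      context.primaryUser = originalUser.user_id;
      callback(null, user, context);
    });
  });
}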
It could be worth mentioning that when I log in, the application starts looping the login with the message from the Rule above (this might be standard behavior when the rule fails in this way?). It generates this:
The scenario for my application is this:
We’ve added Criipto’s solution to Auth0 so that some users are able to log in with Swedish BankID.
Create a user with Username/Password (add the social security number as metadata; it will be used to link accounts)
The user signs in with BankID and gets created in Auth0. The rule described above kicks in and links the new BankID user with the manually created user (username/password).
OK, I did try to run it directly in the Rule, without success: “ManagementClient is not a constructor”.
After that I ran it from my machine using Node with success: